Web Security Labs

A collection of web security testing tools to help security professionals and enthusiasts audit web applications with efficiency and ease.

Match and Replace

Learn how to use M&R - a powerful tool for finding and replacing patterns in HTTP requests and responses.

Open Lab

IDOR Vulnerability

Explore how Insecure Direct Object References can expose sensitive user information and learn to identify these vulnerabilities.

Open Lab

Too Many Requests

Learn how to filter information with HTTPQL and how it can be used to scan for hidden information.

Open Lab

ShaSigned

Learn how to use convert workflows to really speed up your testing process.

Open Lab

CSRF via Content-Type

Explore how improper content-type handling can lead to CSRF vulnerabilities, even with SameSite cookies.

Open Lab

Session Monitor

Learn how to track session ID changes and monitor session behavior using Caido workflows for session management testing.

Open Lab

Reflected XSS Lab

Learn the basics of how to identify reflected XSS with two different vulnerabilities in the same lab.

Open Lab

HTTP Hunt Lottery

Learn how to use Caido's HTTP History to discover hidden information in responses and access unintended functionality.

Open Lab